Configuration Reference

Configuration sources

Cosmictron reads configuration from (in order of precedence):

Environment variables (highest priority)
config.toml in the data directory
Built-in defaults

config.toml

# Performance profile — shorthand for common setting combinations
# Values: "development" | "balanced" | "production" | "maximum_safety"
profile = "balanced"

[server]
listen = "0.0.0.0:3000"
pgwire_listen = "0.0.0.0:5432"
admin_password = ""           # Set via env: COSMICTRON_ADMIN_PASSWORD

[storage]
data_dir = "./data"
max_open_files = 1024
blob_max_size_mb = 100        # Maximum upload size for blob store

[wal]
# Fsync policy (overridden by profile)
fsync_policy = "periodic"     # "always" | "periodic" | "never"
sync_method = "fdatasync"     # "fsync" | "fdatasync"
segment_size_mb = 64
checkpoint_interval_secs = 60

[auth]
jwt_secret = ""               # Set via env: COSMICTRON_JWT_SECRET
jwt_expiry_secs = 86400       # 24 hours
passkeys_enabled = true
magic_links_enabled = true
smtp_host = ""
smtp_port = 587
smtp_from = ""

[modules]
fuel_limit = 10_000_000       # CPU fuel per reducer call
memory_limit_mb = 256         # Per-module heap limit
hot_reload = false            # Enable for development

[compliance]
event_signing = false
signing_key_path = ""
tsa_enabled = false
tsa_url = ""
tsa_cert_path = ""
pii_encryption = false
pii_kms_provider = ""         # "aws" | "vault" | "gcp" | ""

[compliance.threshold_signing]
enabled = false
threshold = 0
total_shares = 0
aggregated_pubkey_path = ""

[telemetry]
prometheus_enabled = true
prometheus_listen = "0.0.0.0:9090"
otlp_endpoint = ""            # OpenTelemetry collector endpoint
log_level = "info"

Environment variables

Variable	Equivalent config	Default
`COSMICTRON_DATA_DIR`	`storage.data_dir`	`./data`
`COSMICTRON_LISTEN`	`server.listen`	`0.0.0.0:3000`
`COSMICTRON_PGWIRE_LISTEN`	`server.pgwire_listen`	`0.0.0.0:5432`
`COSMICTRON_JWT_SECRET`	`auth.jwt_secret`	(required in production)
`COSMICTRON_ADMIN_PASSWORD`	`server.admin_password`	`admin`
`COSMICTRON_FSYNC_POLICY`	`wal.fsync_policy`	`periodic`
`COSMICTRON_PERFORMANCE_PROFILE`	`profile`	`balanced`
`COSMICTRON_LOG`	`telemetry.log_level`	`info`
`COSMICTRON_EVENT_SIGNING`	`compliance.event_signing`	`false`
`COSMICTRON_SIGNING_KEY_PATH`	`compliance.signing_key_path`	“
`COSMICTRON_MODULE_PATH`	(dev only)	“

Performance profiles

Profile	fsync	sync method	fuel limit	notes
`development`	`never`	—	50M	Fast writes, no durability guarantee
`balanced`	`periodic`	`fdatasync`	10M	Good default
`production`	`always`	`fdatasync`	10M	Full durability
`maximum_safety`	`always`	`fsync`	5M	+ compliance layer enabled

Module fuel limits

Fuel limits cap CPU usage per reducer call. A reducer that exhausts its fuel limit is aborted and the transaction is rolled back.

Tuning guidance:

Increase fuel_limit for complex data-processing reducers
Decrease for simple insert/update reducers to prevent runaway loops
Monitor fuel consumption in the admin dashboard or Prometheus metrics

Blob store

The blob store holds binary uploads (WASM modules, uploaded files, voice recordings):

[storage.blob]
backend = "local"             # "local" | "s3" | "r2"
local_path = "./data/blobs"

# For S3/R2:
# backend = "s3"
# bucket = "my-cosmictron-blobs"
# region = "us-east-1"
# endpoint = ""               # Custom endpoint for R2/MinIO